Описание
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
Ссылки
- ExploitPatchVendor Advisory
- ExploitIssue TrackingVendor Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitPatchVendor Advisory
- ExploitIssue TrackingVendor Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.13.0 (исключая)
cpe:2.3:a:0xacab:mat2:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00355
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 3 лет назад
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.
CVSS3: 7.5
debian
больше 3 лет назад
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ dir ...
CVSS3: 7.5
github
больше 3 лет назад
mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process.
EPSS
Процентиль: 57%
0.00355
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22